After lots of research, I understand that an app signed with an iOS development provisioning profile can only be installed on devices which have their UDIDs listed within the provisioning profile (which is done on the dev portal). To further my understanding of how this all works, I've created a new development provisioning profile which has only 1 device listed, and that device isn't the one I'm using. For some reason, when I sign an app using this provisioning profile through both xcode and cordova, the app will be installed and deploy as if that device's UDID were listed within the provisioning profile (which it isn't).
I've been using the following to inspect the embedded.mobileprovision profile within the .ipa
security cms -D -i <provprofile>
And there's only 1 device listed, and the UDID of that device doesn't match the UDID of the device which I've managed to install the app on.
Am I missing something here? This issue linked below seems to indicate that this shouldn't work.
Development Provisioning Profile
The embedded provisioning profile with the app isn't the only profile at play here. The device will allow the app to run as long as there is a valid provisioning profile that includes the device and includes the app ID the app is using.
I suspect you had previously installed the app (or another app) that had a valid provisioning profile for that device. The profile either had the same app ID, or was using a wildcard app ID, and is likely still on the device. Because iOS can find a valid profile, it lets the app run.
To verify if this is the case, Plug the device into a Mac, open Xcode, and go to the Devices window. Select the device in question, right-click on it, and select the "Show provisioning profiles..." menu item. You may see other provisioning profiles that are still on the device from previous installs.
Related
I have enrolled to Apple Developer Program to release my first app. My app's bundle ID is the same at developer.apple.com, at appstoreconnect.apple.com and in my XCode project. However, XCode still gives the error in "Signing & Capabilities" tab:
Failed to create provisioning profile.
There are no devices registered
in your account on the developer website. Plug in and select a device
to have Xcode register it.
And another error:
No profiles for ‘com.xxx.yyy’ were found
Xcode couldn't find any iOS
App Development provisioning profiles matching ‘com.xxx.yyy’.
First error message made me think that a physical connection to an iPhone is required to create a provisioning profile.
I have never connected a physical device to my Mac before. I made my tests by iOS simulator. I was planning to do my physical device testing via Testflight.
Do I have to physically (via a USB cable) connect an iPhone to my Mac in order to create a provisioning profile? If not, what might be wrong?
Is it required to have provisioning profile in XCode to be able to use Testflight or publish an app to App Store?
Do I have to physically (via a USB cable) connect an iPhone to my Mac in order to create a provisioning profile?
Yes, if you want to use automatic signing. An automatic provisioning profile unites a computer and a device and an app; it says that this computer is allowed to build this app onto this device. Until Xcode sees the device, it can’t create the profile.
The alternative is to switch to manual signing. It’s more work but now you can generate the profiles yourself.
You do NOT need a physical iOS device (iPhone or similar) to upload an app to App Store! Whether for real or TestFlight.
I realize this qn is old now, but I'm writing this for people like me, who stumble in here fighting the same problem... 😏
What you need to upload apps on App Store:
A MacOS machine (not too old)
A paid Apple Developer Account
An app signing certificate from the above account
A provisioning profile, with or without a physical device
When trying to create a new provisioning profile in your Apple Developer Account, the first option is:
iOS App Development
Create a provisioning profile to install development apps on test devices.
See:
If you chose this option, you need a physical device! In fact, the way I understand it, you are supposed to register the UDIDs of ALL the phones and tablets that you want to test your app on...
If, like me, you don't have an iOS device, you can instead chose the last option in the list:
Developer ID
Create a Developer ID provisioning profile to use Apple services with your Developer ID signed applications.
See:
This one only requires an Apple Developer ID!
At the end of your create-provisioning-profile process, you have to download your profile and open it in Finder to install it (in XCode or whatever you're using). In your project, you have to switch from "automatic signing" to "manual signing". In XCode, this is done here:
If, like me, you had already downloaded your app signing certificate and installed it in your KeyChain app, you may run into this error when trying to apply your provisioning profile:
"Provisioning profile 'your profile name' doesn't include signing certificate 'your certificate name'".
The way I solved this error was:
In KeyChain:
Exporting my Apple Developer certificate to a .p12 file.
Deleting my Apple Developer certificates.
Re-importing the exported certificate file to keychain.
In XCode:
Close and re-start XCode
In the "Signing & Capabilities" tab in the project, de-select the newly downloaded profile and then select it again.
Now, it works! 🙂 From there, you should be able to follow any tutorial for uploading an app to App Store.
I have a simple goal I would like to achieve, manually create a provisioning profile in Xcode.
So, I was trying to use the Pythonista Template in Xcode, and I wanted to flash it to one of my devices so that I could test it on a real device and not just the iOS simulator.
So I enter in what I want the app ID to be, and it says, No profiles for 'com.cartercoding.getnpostserver' were found. So I need to manually create a provisioning profile for it, which I have looked up, but the answers I have found are not relevant.
I am using Xcode 11, stable release.
I don't really know what a provisioning profile does...
A provisioning profile grants permission for one or more iOS devices to run an app signed with a specific certificate. Normally, an iOS device will only run apps that are signed by Apple; a provisioning profile tells the device that it may also run apps signed with a key corresponding to the certificate specified in the profile.
I am trying to put an app that I downloaded from the internet on my phone, so I can't do it the usual way.
The whole iOS code signing infrastructure is designed to prevent you from doing that. Short of jailbreaking your device (which is a whole other conversation) you can't just install an app that you've downloaded onto your phone.
I have a simple goal I would like to achieve, manually create a provisioning profile in Xcode.
You can't create a provisioning profile "manually," if by that you mean to construct one on your own; you have to get one from Apple (whether that's automatically through Xcode or via the developer portal).
For users who need to manually create a provisioning profile (in some companies every app has to have its own provisioning profile)
Sign in to your Apple Developer account and navigate to Certificates, IDs & Profiles > Identifiers > Provisioning Profiles.
https://developer.apple.com/account/ios/profile/production
Add a new provisioning profile.
Activate App Store.
Click Continue.
From the dropdown menu, select the app ID you just created.
Click Continue.
Select the certificate you just created.
Click Continue.
Fill in a name of your choice. The name is not visible to end users.
Click Generate.
Download the provisioning profile.
Click Done.
The provisioning profiles overview with your new provisioning profile is displayed.
If you need a Provisioning Profile of Type Ad Hoc
Is everything the same except point 3
These instructions were copied from this page
https://support.staffbase.com/hc/en-us/articles/115003598691-Creating-the-iOS-Provisioning-Profiles
Apple Developer Program Information says:
A Development Provisioning Profile must be installed on each device on
which you wish to run your application code.
Each Development
Provisioning Profile will contain a set of iPhone Development
Certificates, Unique Device Identifiers and an App ID.
So where are provisioning profiles in my iPhone XS?
Can I see them?
Can I download them?
Can I beam them to any other device via bluetooth? airdrop? email?
It is not recommended for security reasons offcourse, but if you see yourself in the position that you want to distribute your file ad-hoc onair via 3rd-party software (e.g. installonair.com): their download file does not include the provisioning profile and won't let you download the app.
In my case downloading the correct provisioning profile and sharing it via airdrop it installed the provisioning profile on the ipad. You cannot see it, but is there. With the provisioning profile installed manually, it is now possible to download the app via 3rd party software.
The development provisioning profile is contained in the application bundle that is installed on the iOS device (typically using Xcode, but you can also use ad-hoc distribution methods).
You can't see them. There is no settings screen that shows the development apps installed on your phone.
You can't download them (well, you can download the app bundle using Xcode, but if you have Xcode you could just recompile your app).
You can't send a provisioning profile to another device from the device. Even if you could, it wouldn't really serve any purpose because the provisioning profile includes a list of authorised device identifiers and some arbitrary device won't be on the list.
The provisioning profile is installed when you correctly and legally install the app. You cannot see it. It is there to enforce security. It is your warrant to run this particular app on this particular device.
Can I beam them to any other device
Obviously not; if you could do that you would break through the entire security system that Apple has devised.
I maintain an internal iOS app for a client who has an Apple Developer Program account (not Enterprise). They routinely give new devices access to the app by adding the UDIDs to the Devices list in their Apple Developer account and updating their Distribution provisioning profile. Then they deploy the app to the new devices through Airwatch.
When they add new devices in this way, they don't want to have to rebuild the app in Xcode with the updated profile. Instead, they believe they should be able to export the updated profile from their developer account, upload the profile to Airwatch, and push the app to the new devices, without ever generating a new IPA.
Is it possible to do this without an Enterprise Apple Developer account?
As long as you can get the new provisioning profile on the devices through MDM, you don't need to publish a new build. You just need to make sure the profile is installed on the device before they try to install the app. iOS doesn't necessarily care if the valid provisioning profile is bundled with the app when it was packaged. It just cares if a valid provisioning profile is installed on the device when an app is installed / run on the device.
I have used a similar technique with some internal apps we have, since we use a wildcard bundle ID in our profile. If the profile bundled with app A expires, it doesn't matter as long as the user has installed app B, which has a newer, still valid profile.
In my opinion, the workflow should look like this:
new device(s) received
add devices to provisioning profile on developer site
download updated profile and distribute it to all devices, including new device(s) via MDM
have users of new device install app (which should work since they now have a valid profile on their device for the bundle ID in question)
This works for profiles, however, when the certificate expires, you will need to rebuild the app(s).
I am having problems with resigning my Ad-hoc app to contain more/less devices.
By following the steps outlined here https://coderwall.com/p/cea3fw/resign-ipa-with-new-distribution-certificate I manage to resign my ipa using codesign, however it does not seem to have any effect, because even when I remove my device from the provisioning profile, the ipa can still be installed on this device using XCode devices.
Any clues where I may have gone wrong?
The device has stored a copy of an old provisioning profile, and that profile permits the app to be installed on the device.
Mostly we can consider a code signing certificate and a provisioning profile as one thing. But they actually perform two separate functions.
A code signing certificate and its private key is used for signing an app.
A provisioning profile contains lists of devices, code signing certificates, entitlements, and a bundle ID. It is a ticket from Apple which gives permission to install apps not from the App Store.
When a device attempts to install an app, it searches for a stored provisioning profile that may be used to install the app. This may be the provisioning profile included with the app, or a previously installed profile.
To remove provisioning profiles from a device:
Open Xcode and select the menu Windows -> Devices...
Ctrl-click on the device and select “Show provisioning profiles...” from the drop down menu.
Select unwanted profiles and press the “-”-button.